What China’s targeting of US telecoms means for post-quantum security
Ceding the initiative to an adversary is a difficult position to recover from — even in cyberspace. Chinese state-sponsored cyber actors are seizing the initiative to exploit publicly known vulnerabilities to unpatched network devices, such as home office routers, to compromise major U.S. telecommunications companies and network service providers, the FBI and other agencies warn in the latest joint cybersecurity advisory.
These cyber actors are infiltrating victims’ accounts by “using publicly available exploit code against virtual private network (VPN) services, or public facing applications — without using their own distinctive or identifying malware — so long as the actors acted before victim organizations updated their systems,” the advisory explained.
While defending against common vulnerabilities is essential, the Biden administration must maintain the initiative against post-quantum cryptography threats. Post-quantum refers to the stage when quantum computers advance to “a sufficient size and level of sophistication” that they break the cryptography that secures our digital communications and financial transactions on the internet. These systems are cryptanalytically relevant quantum computers, meaning they could pose significant national, economic and cybersecurity risks to the United States by weakening the public-key cryptography we rely on to communicate.
It is not a question of if, but when cryptanalytically relevant quantum computers will be developed, according to the White House’s fact sheet on quantum technologies, which estimates this milestone is attainable “at some point in the not-too-distant future.”
Last May, the Biden administration enacted two directives to expand the 2018 National Quantum Initiative Act: an executive order establishing a committee to advise the White House about the National Quantum Initiative program; and the National Security Memorandum on Promoting United States Leadership in Quantum Computing. The memorandum warns that quantum information science presents significant security risks to cryptographic systems that safeguard critical infrastructure and secure military and civilian…